[dokuwiki] Re: LDAP backend, ACL and groups setup

  • From: Dominique Frise <dominique.frise@xxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Tue, 25 Aug 2009 08:34:50 +0200

Replying to myself ;-)

After digging in the code, I could see that the "-" (dash or hyphen) is NOT defined in the "UTF-8 array of common special characters".

<quote>
/**
 * UTF-8 array of common special characters
 *
 * This array should contain all special characters (not a letter or digit)
* defined in the various local charsets - it's not a complete list of non-alphanum * characters in UTF-8. It's not perfect but should match most cases of special
 * chars.
 *
* The controlchars 0x00 to 0x19 are _not_ included in this array. The space 0x20 is! * These chars are _not_ in the array either: _ (0x5f), : 0x3a, . 0x2e, - 0x2d, * 0x2a
 *
 * @author Andreas Gohr <andi@xxxxxxxxxxxxxx>
 * @see    utf8_stripspecials()
 */
</quote>


Here below the diffs from parser.php, utf8.php and auth.php files that I had to modify to make the dash understood by DokuWiki.

[wwwexp@iris dokuwiki]$ diff -u ./inc/parser/parser.php ./inc/parser/parser.php.dist
--- ./inc/parser/parser.php     Mon Aug 24 16:49:32 2009
+++ ./inc/parser/parser.php.dist        Sat Feb 14 13:13:25 2009
@@ -617,7 +617,7 @@
     function preConnect() {
         if(!count($this->acronyms)) return;

-        $bound = '[\x00-\x2d\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]';
+        $bound = '[\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]';
         $acronyms = array_map('Doku_Lexer_Escape',$this->acronyms);
$this->pattern = '(?<=^|'.$bound.')(?:'.join('|',$acronyms).')(?='.$bound.')';
     }

[wwwexp@iris dokuwiki]$ diff -u ./inc/utf8.php ./inc/utf8.php.dist --- ./inc/utf8.php Mon Aug 24 17:10:59 2009
+++ ./inc/utf8.php.dist Sat Feb 14 13:13:25 2009
@@ -34,7 +34,7 @@
      * @see    urlencode
      */
     function utf8_encodeFN($file,$safe=true){
-      if($safe && preg_match('#^[a-zA-Z0-9/_\.%]+$#',$file)){
+      if($safe && preg_match('#^[a-zA-Z0-9/_\-.%]+$#',$file)){
         return $file;
       }
       $file = urlencode($file);
@@ -1182,7 +1182,7 @@
  * chars.
  *
* The controlchars 0x00 to 0x19 are _not_ included in this array. The space 0x20 is! - * These chars are _not_ in the array either: _ (0x5f), : 0x3a, . 0x2e, * 0x2a+ * These chars are _not_ in the array either: _ (0x5f), : 0x3a, . 0x2e, - 0x2d, * 0x2a
  *
  * @author Andreas Gohr <andi@xxxxxxxxxxxxxx>
  * @see    utf8_stripspecials()
@@ -1190,7 +1190,7 @@
 global $UTF8_SPECIAL_CHARS;
 if(empty($UTF8_SPECIAL_CHARS)) $UTF8_SPECIAL_CHARS = array(
0x001a, 0x001b, 0x001c, 0x001d, 0x001e, 0x001f, 0x0020, 0x0021, 0x0022, 0x0023, - 0x0024, 0x0025, 0x0026, 0x0027, 0x0028, 0x0029, 0x002b, 0x002c, 0x002d,
+  0x0024, 0x0025, 0x0026, 0x0027, 0x0028, 0x0029,         0x002b, 0x002c,
0x002f, 0x003b, 0x003c, 0x003d, 0x003e, 0x003f, 0x0040, 0x005b,
   0x005c, 0x005d, 0x005e,         0x0060, 0x007b, 0x007c, 0x007d, 0x007e,
0x007f, 0x0080, 0x0081, 0x0082, 0x0083, 0x0084, 0x0085, 0x0086, 0x0087, 0x0088,
@@ -1258,7 +1258,7 @@
 // utf8 version of above data
 global $UTF8_SPECIAL_CHARS2;
 if(empty($UTF8_SPECIAL_CHARS2)) $UTF8_SPECIAL_CHARS2 =
- "\x1A".' !"#$%&\'()+,-/;<=>?@[\]^`{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•�'. + "\x1A".' !"#$%&\'()+,/;<=>?@[\]^`{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•�'. '�—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½�'.

'�¿×÷ˇ˘˙˚˛˜˝̣̀́̃̉΄΅·ϖְֱֲֳִֵֶַָֹֻּֽ־ֿ�'.
     
'�ׁׂ׃׳״،؛؟ـًٌٍَُِّْ٪฿‌‍‎‏–—―‗‘’‚“”�'.

[wwwexp@iris dokuwiki]$ diff -u ./inc/auth.php ./inc/auth.php.dist --- ./inc/auth.php Mon Aug 24 16:47:28 2009
+++ ./inc/auth.php.dist Sat Feb 14 13:13:25 2009
@@ -521,10 +521,10 @@

   if (!isset($cache[$name][$skip_group])) {
     if($skip_group && $name{0} =='@'){
- $cache[$name][$skip_group] = '@'.preg_replace('/([\x00-\x2d\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e', + $cache[$name][$skip_group] = '@'.preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',

"'%'.dechex(ord(substr('\\1',-1)))",substr($name,1));
     }else{
- $cache[$name][$skip_group] = preg_replace('/([\x00-\x2d\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e', + $cache[$name][$skip_group] = preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',

"'%'.dechex(ord(substr('\\1',-1)))",$name);
     }
   }


With this changes, I could use "* @ci%2dg 1" in acl.auth.php.


Dominique


Dominique Frise wrote:
Hi all,

We are using dokuwiki-2009-02-14 and are unable to set group ACLs :-(

The LDAP backend work as expected. (LDAP Server is Sun JDS)

User "xyz" logging trace:

LDAP user search: Success [ldap.class.php:180]
LDAP usergroup: ci-g [ldap.class.php:237]


Now we'd like for to deny access for ALL and give read access for the group "ci-g" (xyz is a member of ci-g)- in acl.auth.php.

We tried:

*               @ALL          0
*               @ci-g         1

And this ("dash" url-encoded):

*               @ALL          0
*               @ci%2dg       1

None of them work (user get Pemission Denied).
What's wrong ?

Thanks fo help.

Dominique
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: